MDVSA-2008:209-1
- Package name
- pam_krb5
- Date
- 2008-10-06
- Advisory ID
- MDVSA-2008:209-1
- Affected versions
- 2009.0 x86_64 , 2009.0 i586
Problem description
Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket
configuration option where, if enabled and using an existing credential
cache, it was possible for a local user to gain elevated privileges
by using a different, local user's credential cache (CVE-2008-3825).
The updated packages have been patched to prevent this issue.
Update:
An updated package for Mandriva Linux 2009.0 is now available.
Updated packages
2009.0 x86_64
4adf22d425ced352686fd2e0d98a00d9 2009.0/x86_64/pam_krb5-2.3.1-4.1mdv2009.0.x86_64.rpm c17dc0c9e765e8be1e73456240609182 2009.0/SRPMS/pam_krb5-2.3.1-4.1mdv2009.0.src.rpm
2009.0 i586
edcc62c9e3783bd72d3f0becd198d5fa 2009.0/i586/pam_krb5-2.3.1-4.1mdv2009.0.i586.rpm c17dc0c9e765e8be1e73456240609182 2009.0/SRPMS/pam_krb5-2.3.1-4.1mdv2009.0.src.rpm